Cyber risk has been a budding threat since the Industrial Revolution began in Europe. With each passing decade, tools and techniques to support development were improved, increasing this eminent risk. The foundation of this revolution was the discovery of various sources of energy, namely coal, gas, and oil, as well as the discovery of various ore deposits. This led to the birth of the metallurgical sector. Recent graduate of the Certified Cyber Insurance Specialist training course, Alexander Mazay, explores cyber risk in the metallurgical sector as it has developed throughout history.
Metallurgy is a domain of material science and engineering that studies the physical and chemical behavior of metallic elements. It is used, for example, in the production of metals such as steel for airplanes, vehicles (automobiles, railways, and ships), recreational vehicles, buildings, implanted devices, and musical instruments.
Key Areas of Cyber Risk in the Metallurgical Sector
After the Industrial Revolution, the next notable development in the metallurgical sector came in the middle of the 20th century when information technology was born. Nowadays, the metallurgical sector is overrun by automation. An ordinary pickaxe has become a drilling machine, and the movement of ore occurs with the help of a control panel and wi-fi. Unfortunately, along with this increased efficiency, new cyber risks have arisen.
Automation
The metallurgical sector is no stranger to cyber risk. Since the implementation of automation, access control occurs through a unified information network. In addition, company databases house client information, supplier information, intellectual activity, developments, and other important information about the company’s activities.
Employee Access
All employees have their own electronic data account which creates increased cyber risk in the metallurgical sector. There are several ways to violate information security and penetrate an information system. This can, for example, be achieved through social engineering, when a careless employee inadvertently shares his credentials with a hacker, if he opens an unauthorized file and follows a link, or simply inserts an infected drive into the system unit.
Damaged Equipment
The damage of IT or industrial equipment is a major cyber risk. A cyber attack can damage equipment such as drilling rigs or smelting furnaces and they are extremely expensive to replace. Furthermore, the business interruption caused by the inactivity of equipment is dangerous and can result in huge losses. Even if the profit can be compensated after the system is restored, fixed costs such as wages and the cost of electricity cannot.
A Cyber Incident in the Metallurgical Sector
In 2014, a German Steel Mill suffered a cyber incident. A blast furnace stopped due to a cyber attack. The hackers were able to infiltrate the system using spear phishing and social engineering techniques. As a result of the affected furnace, the metal inside it froze. The machinery could not be restored, and the company suffered additional losses due to decreased productivity caused by the breakdown of the furnace. Little has been done since to protect such equipment from cyber attacks due to the nature of operational technology.
The metallurgical sector has to focus on protection against cyber risk. The focus should be directed toward covering potential equipment loss and business interruption as a result of an attack, as well as loss of access to unified information networks. The industry cannot exist without reliable protection, which can be achieved through employing appropriate techniques and issuing cyber insurance policies.
Why Choose
Cyber Insurance Academy?
We are the global standard for accredited cyber insurance certification, with +4,000 Members from +40 countries.
